{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-4271","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-05-04T18:25:06.571Z","datePublished":"2025-05-05T08:00:08.825Z","dateUpdated":"2025-05-05T13:09:25.246Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-05-05T08:00:08.825Z"},"title":"TOTOLINK A720R cstecgi.cgi information disclosure","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-200","lang":"en","description":"Information Disclosure"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"TOTOLINK","product":"A720R","versions":[{"version":"4.1.5cu.374","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"In TOTOLINK A720R 4.1.5cu.374 wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Datei /cgi-bin/cstecgi.cgi. Mit der Manipulation des Arguments topicurl mit der Eingabe showSyslog mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}],"timeline":[{"time":"2025-05-04T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-05-04T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-05-04T20:30:19.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"153528990 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.307375","name":"VDB-307375 | TOTOLINK A720R cstecgi.cgi information disclosure","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.307375","name":"VDB-307375 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.563444","name":"Submit #563444 | TOTOLINK A720R V4.1.5cu.374 Exposure of Sensitive System Information to an Unauthorized Cont","tags":["third-party-advisory"]},{"url":"https://github.com/at0de/my_vulns/blob/main/TOTOLINK/A720R/showSyslog.md","tags":["exploit"]},{"url":"https://www.totolink.net/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-05T13:00:50.937071Z","id":"CVE-2025-4271","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-05T13:09:25.246Z"}}]}}